Pingback DoS/spam

Sam Rowe complains that the Pingback spec doesn’t have any way to prevent spam or DoS attacks by repeatedly hitting a Pingback server. Now, the DoS suggestion is true but irrelevant, because you can DoS a server by just repeatedly hitting one of its web pages; Pingback is nothing special in this regard, and doesn’t fix the problem because it’s a problem inherent in serving stuff over a web server; it’s Apache’s problem, not Pingback’s. The spam suggestion is a little more worrying, but it’s something that we’ve discussed before (although I can’t find a reference to it) — essentially, you can spam someone’s referrer logs the same way, and a referrer log display routine like, say, Mark Pilgrim’s, will have the same problems unless it filters server-side to cater for this. I don’t see it as a major problem, in short.
